The present invention generally relates to a method wherein a connection establishment is initiated over a data transmission network upon execution of a program.
The data transmission network transmits the data as circuit switched data or in data packets. An example for a circuit switched data transmission network is a telecommunication network which is used for transmission of voice data. However, there are also circuit switched data transmission networks which allow the transmission of data packets; e.g., the GPRS method (General Packet Radio Service). An example of a data transmission network in which the data is transmitted in data packets is the Internet. Packet data transmission in the Internet is connectionless at lower packet layers. However, at higher protocol levels, just as in a circuit switched data transmission, network connections are established for which specific network resources are seized; for example, transmission channels or access ports. After transmission of the data, the connection is cleared down again.
An object of the present invention is to specify a simple and effective method for defining and checking a connection establishment authorization, which, in particular, prevents an unauthorized connection establishment. In addition, an associated program data package, an associated device and an associated program are to be specified.
With the method in accordance with the present invention, an authorization data item, for which the value specifies connection setup rights, is prespecified for a program which, when executed, establishes connections over a data transmission network before such program is transferred to a device of a user. For example, the value allows unrestricted connection establishment, forbids establishing connections or makes establishing connections dependent on the presence of specific conditions. The program is transferred along with the authorization data item to a user's device; for example, on a data medium or via a data transmission network. The data medium is, for example, a magnetic or optical memory medium.
The transferred program and the authorization data are stored in a memory unit of the device. On execution of the program, a connection establishment is initiated via a data transmission network. Before a connection can be established, however, a security program, which is a program independent of the program to be executed, uses the value of the authorization data to check whether the user of the program or the program itself is authorized to establish a connection. Depending on the value of the authorization data, the connection establishment is allowed or rejected.
A method in accordance with the present invention provides the option of performing a uniform connection authorization for a number of different programs. Thus, the connection establishment authorization is checked not only by the individual programs themselves, but also by the independent security program. In addition the user is not burdened with specific questions of authorization when connections are established. A yes or no decision by the user is merely required as to whether they agree to a connection establishment. As such, the user does not have to have any specific knowledge about the program or the security program with the aid of which he/she could specify and change connection establishment authorizations. The method in accordance with the present invention also can be executed without a system administrator who needs specific knowledge to issue connection establishment rights.
In a further embodiment of the method in accordance with the present invention, the method is executed in a terminal of a data transmission network. With terminals in mobile radio data transmission networks, in particular, the problem arises that there is no one, such as an administrator, with sole unrestricted authorization for the terminal who could, for example, make settings. Thus, as well as the user of the terminal, there is the manufacturer of the terminal and the operator of the mobile radio network. The method in accordance with the present invention allows the authorization data to be specified in such a way that both the user and the device manufacturer, as well as the network operator, are in agreement with this specification and, where necessary, are also authorized and in a position to check the specification.
For a further embodiment of the method in accordance with the present invention, the authorization data is transferred outside the program available in machine code; i.e., outside what is known as a machine program or outside the program available in byte code. The machine program contains commands which are contained in the command set of a processor which is to execute the program. The byte code, on the other hand, is an intermediate code between source code and machine code. Commands in byte code must first be translated into processor-dependent machine commands with the aid of a compiler program. For example, byte code is created when the JAVA programming language is used to allow programming which is independent of the type of processor which eventually will execute the machine commands created from the byte code. The fact that the authorization data is transferred outside the program allows items to be specified for a uniform method, for example, which can be accessed without any knowledge of the program structure.
In a further embodiment, there are at least two kinds of program types and at least two values for the authorization data. Permissible assignments of the program types to at least one value, in each case, are specified; for example, in the form of a table. The table header, for example, contains at least three values for the authorization data. The table lines are, for example, assigned to at least three types of program. There are crosses in the fields of the table, for example, when an assignment exists. If there is no assignment, the fields are blank. At least one value is assigned to each program type. However, a number of permitted values can be assigned to one program type. In an exemplary embodiment, the lines of the table each differ from one another.
The value of the authorization data is determined in such embodiment depending on the program type, with the aid of the assignments or the table. Thus, the authorization data has a value in accordance with a prespecified permitted assignment.
Such an assignment is particularly well suited, in accordance with another embodiment, to being defined in a standard; preferably, in an internationally valid standard. As already mentioned, the present invention can be used with mobile radio devices so that the standardization body, in particular, is a body which specifies standards for mobile radio stations or mobile radio networks.
For another embodiment, there are at least two of the following program types:

a third-party supplier program type to which programs are assigned which are not provided by the manufacturer of the device and not by the network operator of the network over which the connection is established, but by a third party;

a device manufacturer program type to which programs are assigned which are provided by the manufacturer of the device, such as ex-works, that is before the device is delivered to the user; and

a network operator program type to which programs are assigned which are made available by the operator of the network over which the connection is established.
The programs of each type establish connections over the data transmission network. Connections to the manufacturer or network operator are established in the network, for example, for service purposes or to provide specific IN services for the user. However, there are a large number of other program types that can be defined.
In another embodiment of the method in accordance with the present invention there are at least two of the following values for the authorization data:

a value which only makes it possible to establish a connection with the agreement of the user;

a value which allows unrestricted connection establishment; and

a value which allows a connection to be established depending on the amount of user credit.
The values naturally differ from one another to allow a distinction to be made. However, a number of further values for other conditions can be defined.
In yet another embodiment of the method in accordance with the present invention, the value of the authorization data no longer can be changed in the user's device. This measure guarantees that, once specified, the value of the authorization data cannot be misused by changing it. The misuse does not have to originate from the user, but also can originate from third parties.
In an alternative embodiment, the value of the authorization data can only be changed with the aid of the security program. This measure also allows misuse to be prevented without imposing too stringent restrictions. For example, misuse can be effectively prevented if the security program can be called by the user; for example, by specifying a password.
In another embodiment of the method in accordance with the present invention, the security program records the approval and/or rejection of a connection establishment in a log file. If a dispute arises later between a number of those involved, for example between the user and the network operator, about the level of connection costs, the log file can be used as evidence which both sides also accept when adhering to specific conditions.
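The check described above, sketched as an added example that is not part of the original text: a security program that validates the authorization value against the permitted assignments for the program type, applies the value's condition, and logs every decision. The field names, the contents of the assignment table, the numeric credit and the JSON log format are assumptions made for illustration.

```python
import json
from enum import Enum

class ProgramType(Enum):          # program types named on this page
    THIRD_PARTY = "third_party"
    MANUFACTURER = "manufacturer"
    OPERATOR = "operator"

class Auth(Enum):                 # authorization values named on this page
    USER_CONSENT = "user_consent"
    UNRESTRICTED = "unrestricted"
    CREDIT = "credit"

# Constructed assignment table: the page describes its shape, not its contents.
PERMITTED = {
    ProgramType.THIRD_PARTY: {Auth.USER_CONSENT},
    ProgramType.MANUFACTURER: {Auth.USER_CONSENT, Auth.CREDIT},
    ProgramType.OPERATOR: {Auth.USER_CONSENT, Auth.UNRESTRICTED, Auth.CREDIT},
}

def check_connection(metadata, ask_user, credit, log):
    """Security program step: decide before any connection is set up.

    metadata: dict shipped beside the program (hypothetical field names).
    ask_user: callable returning the user's yes/no decision.
    credit:   remaining user credit; log: list standing in for the log file.
    """
    allowed, reason = False, "malformed metadata"   # fail closed
    try:
        ptype = ProgramType(metadata["program_type"])
        value = Auth(metadata["authorization"])
    except (KeyError, ValueError):
        ptype = value = None
    if value is not None:
        if value not in PERMITTED[ptype]:
            reason = "value not permitted for program type"
        elif value is Auth.UNRESTRICTED:
            allowed, reason = True, "unrestricted"
        elif value is Auth.USER_CONSENT:
            allowed = bool(ask_user(metadata.get("name")))
            reason = "user agreed" if allowed else "user declined"
        else:  # Auth.CREDIT
            allowed = credit > 0
            reason = "credit available" if allowed else "no credit"
    # Approvals and rejections are both recorded.
    log.append(json.dumps({"program": metadata.get("name"),
                           "allowed": allowed, "reason": reason}))
    return allowed

if __name__ == "__main__":
    log = []
    game = {"name": "game", "program_type": "third_party", "authorization": "unrestricted"}
    print(check_connection(game, lambda name: True, 10, log), log[-1])
```

A third-party package that claims the unrestricted value is rejected here because that pairing is absent from the table, regardless of what the user or the credit balance would allow.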
In another embodiment, at least one digital certificate and/or a digital key is transmitted together with the authorization data. The digital keys are used for executing electronic encryption procedures; for example, methods such as those discussed in ITU-T (International Telecommunication Union—Telecommunication Sector) Standard X.509. Moreover, the authorization data is transmitted digitally encrypted and is stored digitally encrypted. The log file, too, can be encrypted with a digital key. The encryption excludes unauthorized changes to the data. In addition, data stored encrypted is better suited as verification of the processes relating to the connection than data stored unencrypted.
The present invention also relates to a program data package which, on the one hand, contains program data in a machine code and a byte code and, on the other hand, contains metadata. The metadata includes the authorization data. In further embodiments, the program package is transferred in accordance with the inventive method or its further developments. In particular, the authorization data is defined in accordance with the method explained above.
Furthermore, the present invention relates to a device, particularly a data processing system, which is used for executing the method in accordance with the present invention. In further embodiments, the device contains units which allow execution of the various inventive methods.
The present invention lastly relates to a program which in particular provides the functions of the security program. In certain embodiments of the program, the program is structured in such a way that it is suitable for executing a method in accordance with the present invention or of its various embodiments.
Additional features and advantages of the present invention are described in, and will be apparent from, the following Detailed Description of the Invention and the figures.